When an end user makes a request to receive data or to delete data from your environment that contains personally identifiable information (PII), you can create a request in Request Manager to manage and fulfill the request. If the end user requested to receive data, you can redact the PII from the data before it is sent to the end user.
You must associate the request with a project and assign reviewers and approvers to the request. The project contains the data that is used for the request discovery. Reviewers must view and approve each document for the end-user request (export or delete data). Approvers must approve the request after it is completed before the data is exported or deleted.
You can also create requests when you resolve risks. For information on resolving risks, see Resolving Risks Discovered in Data Sources.
Before You Begin
Gather the following information before you create the request:
-
The email address of the end user making the request.
-
The types and values of the PII that the end user wants to identify in the data sources.
Procedure
-
From the navigation pane, go to Data Insights.
The Data Insights page appears.
-
Under Risk Analysis, click Request manager.
The Request manager page appears.
-
In the upper-right corner of the page, click Add request.
The Add request page appears.
-
Under Create request, in the Name box, enter a name for the request.
-
Export or delete the data that contains the end user PII:
-
To export the data, select Export.
Data that contains PII is exported and delivered to the user who made the request. The option to redact PII is available for exported data.
-
To delete the data from the data source, select Delete.
-
To delete the data from the data source and from the backup, select Delete, and then select the Delete from backup check box.
Important
The data is exported or deleted after the request is reviewed and approved.
-
-
To redact PII in the data before the data is exported, move the Redaction toggle key to the right.
The PII that matches the PII defined in the request is redacted in the documents that are returned by the request. During review, reviewers can redact additional PII or restore redacted information at the document level.
-
To enable document chaining, move the Document chaining toggle key to the right.
If any additional entities are found in a document, any other documents that contain the additional entities are also included in the result set of documents for the request.
-
In the Requester box, enter the email address of the user who initiated the request.
-
From the Personal entities list, select the type of entities that the end user wants to identify in your data sources.
For example, to find a phone number, select the Phone number entity type.
-
Click OK.
A box appears for each entity type that you selected.
-
In each entity type box, enter the values provided by the end user.
For example, in the Phone number box, enter 5555555555.
-
Click Create.
-
Under Configure request, from the Select project list, select a project to use for the request.
Note
The project defines the data sources that are used for the request.
-
In the Reviewers box, click Enter users, and then type the name of a user or user group.
-
When the user or user group appears, click the name to add it to the reviewers list.
-
In the Approvers box, click Enter users, and then type the name of a user or user group.
-
When the user or user group appears, click the name to add it to the approvers list.
-
Click Configure.
Result
The users who you added as reviewers and approvers to the request receive an email with instructions about how to review and to approve items in the request.
Related Topics
For more information about entity types, see Personally Identifiable Information (PII) Entity Types.